schannel: add CURLOPT_CERTINFO support #822

Closed
wants to merge 4 commits into
from

Projects

None yet

4 participants

@ajax16384
Contributor
ajax16384 commented May 20, 2016 edited

allow to retrieve certinfo from winssl backend

ajax16384 added some commits May 20, 2016
@ajax16384 ajax16384 schannel: add CURLOPT_CERTINFO support
638415b
@ajax16384 ajax16384 fix checksrc validation
2fbac2f
@ajax16384 ajax16384 fix CMake build
c7fb5fb
@mback2k mback2k and 1 other commented on an outdated diff May 27, 2016
CMakeLists.txt
@@ -578,6 +578,7 @@ if(NOT UNIX)
if(HAVE_SCHANNEL_H)
set(USE_SCHANNEL ON)
set(SSL_ENABLED ON)
+ check_library_exists_concat("crypt32" CertFreeCertificateContext HAVE_LIBCRYPT32)
@mback2k
mback2k May 27, 2016 Member

Please fix the indentation by adding one additional space in front of this line.

@mback2k mback2k and 1 other commented on an outdated diff May 27, 2016
lib/vtls/schannel.c
@@ -694,6 +696,30 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
}
}
+ if(data->set.ssl.certinfo) {
+ sspi_status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle,
+ SECPKG_ATTR_REMOTE_CERT_CONTEXT, &ccert_context);
+
+ if((sspi_status != SEC_E_OK) || (ccert_context == NULL)) {
+ failf(data, "schannel: failed to retrieve remote cert context");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ result = Curl_ssl_init_certinfo(data, 1);
+ if(!result) {
+ if(((ccert_context->dwCertEncodingType & X509_ASN_ENCODING) != 0) &&
+ (ccert_context->cbCertEncoded > 0)) {
@mback2k
mback2k May 27, 2016 Member

Please fix the indentation by adding one additional space in front of this line.

@mback2k
Member
mback2k commented May 27, 2016

The proposed patch / merge request looks good to me, aside from the small indentation fixes. @bagder do you have any final comments before merging?

@jay
Member
jay commented May 27, 2016

@mback2k hold off there's a patch release pending that's why no features have been added

@mback2k
Member
mback2k commented May 27, 2016

@jay Yep, I saw that information. :-)

Andrei Kurushin fix indent
087bc12
@bagder
Member
bagder commented May 30, 2016

my comment: 👍

@bagder bagder added the SSL/TLS label Jun 1, 2016
@bagder bagder added a commit that closed this pull request Jun 1, 2016
@ajax16384 @bagder ajax16384 + bagder schannel: add CURLOPT_CERTINFO support
Closes #822
6cabd78
@bagder bagder closed this in 6cabd78 Jun 1, 2016
@bagder
Member
bagder commented Jun 1, 2016

thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment